Apache Tomcat HTTP Connector Send File Processing Cache Error Lets Remote Users Obtain Potentially Sensitive Information on the Target System
Severity Rating: Medium
- Apache Tomcat version 8.5.0 to 8.5.12, 9.0.0.M1 to 9.0.0.M18
A vulnerability was reported in Apache Tomcat and can be exploited by remote attackers to obtain potentially sensitive information on the vulnerable system. The vulnerability exists due to an error which occurred in the HTTP connectors send file processing, causing the invoked Processor to be added to the cache twice. As a result, a remote user may view potentially sensitive information from the wrong response.
Users are advised to apply updates.
More information is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street